Вы находитесь на странице: 1из 5

Implementation Guide 2000

Standard 2000 Managing the Internal Audit Activity


The chief audit executive must effectively manage the internal audit activity to ensure it
adds value to the organization.

Interpretation:
The internal audit activity is effectively managed when:

It achieves the purpose and responsibility included in the internal audit charter.
It conforms with the Standards.
Its individual members conform with the Code of Ethics and the Standards.
It considers trends and emerging issues that could impact the organization.

The internal audit activity adds value to the organization and its stakeholders when it
considers strategies, objectives, and risks; strives to offer ways to enhance governance,
risk management and control processes; and objectively provides relevant assurance.

Revised Standards, Effective 1 January 2017

Getting Started
This standard communicates the minimum criteria that the chief audit executive (CAE) must
fulfill in managing the internal audit activity. Reviewing the requirements related to each
element in the Interpretation may help the CAE prepare to implement this standard.

1
Implementation Guide 2000 / Managing the Internal Audit Activity

As this standard indicates, the CAE is responsible for managing the internal audit activity in a
way that enables the internal audit activity as a whole to conform with the Standards and
individual internal auditors to conform with the Standards and Code of Ethics. Thus, it is crucial
that the CAE regularly reviews the International Professional Practices Framework (IPPF) to
address the details of conformance.

Standard 2000 points out several fundamentals needed to fulfill the principle that the internal
audit activity adds value to the organization. The CAE may start by reviewing the internal audit
activitys purpose and responsibility, which is agreed upon by the CAE, senior management,
and the board and recorded in the internal audit charter. Studying the organizational chart can
help the CAE identify the organizations stakeholders, structure, and reporting relationships.
Studying the organizations strategic plan will give the CAE insight into the organizations
strategies, objectives, and risks. The risks considered should include trends and emerging
issues, such as those involving the organizations industry, the internal audit profession itself,
regulatory requirements, and political and economic situations. The CAE may gather additional
input by speaking with senior management and the board about the strategic plan.

This forethought and preparation lays the groundwork for the CAE to manage the internal audit
activity in a way that adds value by enhancing the organizations governance, risk
management, and control processes and by providing relevant assurance.

Considerations for Implementation


After considering the aforementioned information, the CAE develops an internal audit strategy
and approach that aligns with the goals and expectations of the organizations leadership. In
addition, as stated in Standard 2010, the CAE creates a risk-based internal audit plan to
determine the priorities of the internal audit activitys assurance and consulting engagements.
This process takes into account the input of senior management and the board as well as a
documented annual risk assessment (Standard 2010.A1).

In the internal audit plan, the CAE typically defines the internal audit activitys scope and
deliverables, specifies the resources needed to achieve the plan, and outlines an approach to

2
Implementation Guide 2000 / Managing the Internal Audit Activity

develop the internal audit activity and measure its performance and progress against the plan.
According to Standard 2020, the CAE is responsible for communicating the plan, resource
requirements, and the impact of resource limitations to the board and senior management and
receiving their approval. Significant interim changes to the plan must also be communicated
and approved.

As stated in Standard 2030, the CAE must also ensure that internal audit resources are
deployed effectively to achieve the approved plan. To implement a systematic and disciplined
approach to managing the internal audit activity, the CAE considers the Mandatory Guidance
of the IPPF and establishes internal audit policies and procedures (Standard 2040). Internal
audit policy and procedure documents often are assembled into an internal audit manual for
the internal audit activity to use. The documents may include methods and tools for training
internal auditors. The CAE may require internal auditors to acknowledgement by signature that
they have read and understood the policies and procedures.

Standard 2000 introduces the CAEs responsibility for ensuring that the internal audit activity
adds value to the organization by objectively providing relevant assurance and offering
suggestions to enhance the organizations governance, risk management, and control
processes. The 2100 series of standards and implementation guides describes the
requirements and processes that enable the internal audit activity to complete these
objectives.

The CAE ensures effective management by monitoring conformance with the Mandatory
Guidance of the IPPF at both the level of the individual internal auditor and the internal audit
activity as a whole. The CAE is also responsible for implementing a quality assurance and
improvement program, as required by Standard 1300, and for implementing the methods and
tools related to the 1200 series of standards.

The CAE must also evaluate the internal audit activitys effectiveness to achieve conformance
with Standard 2000. Typically, the CAE develops metrics for evaluating the efficiency and
effectiveness of the internal audit activity. Tools the CAE may use for this purpose include
soliciting feedback through post-audit client surveys, completing annual performance reviews

3
Implementation Guide 2000 / Managing the Internal Audit Activity

of individual internal auditors, implementing the quality assurance and improvement program,
and comparing the organizations internal audit activity against contemporary internal audit
groups in the industry (benchmarking).

Considerations for Demonstrating Conformance


Evidence of how well the internal audit activity has been managed and whether it has added
value to the organization exists in the results of post-engagement client surveys and other
sources of feedback. In addition, internal and external assessments help gauge the internal
audit activitys conformance with the Mandatory Guidance of the IPPF, including performance
metrics related to managing the internal audit activity. The results of comparisons against the
industry standard (i.e., benchmarking) may also be used.

Because Standard 2000 requires evidence of conformance not only at the level of the internal
audit activity, but also at the level of the individual internal auditor, evidence that supports the
1200 series of standards may also be useful. This may include supervisory evaluations and
peer reviews of individual internal auditors and the CAE, with metrics tied to performance and
conformance.

Evidence of conformance with the 2000 series of standards (i.e., standards 2010 through
2070) provides additional evidence of conformance with Standard 2000.

4
Implementation Guide 2000 / Managing the Internal Audit Activity

About The IIA


The Institute of Internal Auditors (The IIA) is the internal audit professions most widely recognized advocate, educator,
and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 180,000
members from more than 170 countries and territories. The associations global headquarters are in Lake Mary, Fla.
For more information, visit www.globaliia.org or www.theiia.org.

About Implementation Guidance


Implementation Guidance, as part of The IIAs International Professional Practices Framework (IPPF), provides
recommended (non-mandatory) guidance for the internal audit profession. It is designed to assist both internal auditors
and internal audit activities to enhance their ability to achieve conformance with the International Standards for the
Professional Practice of Internal Auditing (Standards).

Implementation Guides assist internal auditors in applying the Standards. They collectively address internal audit's
approach, methodologies, and consideration, but do not detail processes or procedures.

For other authoritative guidance materials provided by The IIA, please visit our website at
www.globaliia.org/standards-guidance or www.theiia.org/guidance.

Disclaimer
The IIA publishes this document for informational and educational purposes. This guidance material is not intended to
provide definitive answers to specific individual circumstances and, as such, is only intended to be used as a guide.
The IIA recommends that you always seek independent expert advice relating directly to any specific situation. The IIA
accepts no responsibility for anyone placing sole reliance on this guidance.

Copyright
Copyright 2016 The Institute of Internal Auditors. For permission to reproduce, please contact guidance@theiia.org.

Вам также может понравиться